US12574357B2ActiveUtilityA1

Secure data exchange using format-preserving encryption

79
Assignee: CAPITAL ONE SERVICES LLCPriority: May 3, 2022Filed: Apr 23, 2024Granted: Mar 10, 2026
Est. expiryMay 3, 2042(~15.8 yrs left)· nominal 20-yr term from priority
H04L 2209/34H04L 9/0872H04L 9/0866H04L 9/0618H04L 63/0428H04L 9/0838
79
PatentIndex Score
0
Cited by
18
References
20
Claims

Abstract

Methods and systems disclosed herein describe tokenizing data to generate a secure token that is limited in scope (e.g., directed to a specific recipient) and limited in time (e.g., valid for only a specified period of time). A detokenization process may be employed to recover encrypted data of the secure token without the need for any relational database lookup processes, thereby reducing cost while maintaining robust protection against unintended recipients that attempt to recover the encrypted data.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method comprising:
 receiving, at a first computing device and from a second computing device, a secure token;   decoding, at the first computing device, a first portion of the secure token to recover metadata and error detection data;   determining, based on the metadata, a recovered system time;   determining, based on a current system time and the recovered system time, whether the secure token is unexpired;   decrypting, according to a format-preserving encryption algorithm, based on a user identification, and using a cryptographic key, a second portion of the secure token to generate recovered data;   performing, based on the recovered data, an error detection calculation on the recovered data to generate confirmation error detection data;   determining, based on comparing the error detection data and the confirmation error detection data, whether the secure token is valid;   outputting, by the first computing device, an indication of a result of determining whether the secure token is valid; and   outputting, by the first computing device, the recovered data.   
     
     
         2 . The method of  claim 1 , further comprising decoupling the first portion of the secure token and the second portion of the secure token. 
     
     
         3 . The method of  claim 2 , wherein decoupling the first portion of the secure token and the second portion of the secure token comprises deinterleaving the first portion of the secure token and the second portion of the secure token. 
     
     
         4 . The method of  claim 2 , wherein decoupling the first portion of the secure token and the second portion of the secure token comprises deconcatenating the first portion of the secure token and the second portion of the secure token. 
     
     
         5 . The method of  claim 1 , wherein the current system time is determined using an epoch converter. 
     
     
         6 . The method of  claim 1 , wherein the current system time comprises a value indicating an amount of time elapsed from a predetermined prior time. 
     
     
         7 . The method of  claim 1 , wherein determining whether the secure token is unexpired further comprises comparing the recovered system time to the current system time. 
     
     
         8 . The method of  claim 1 , further comprising:
 deriving the cryptographic key, using a key derivation function and based on the recovered system time, a predetermined shared secret associated with the first computing device and the second computing device, a predetermined number of iterations associated with the key derivation function, and the user identification.   
     
     
         9 . The method of  claim 1 , wherein the user identification comprises an identifier associated with an intended recipient of data of the secure token. 
     
     
         10 . The method of  claim 1 , wherein performing the error detection calculation on the recovered data to generate the confirmation error detection data comprises performing a cyclic redundancy check (CRC) on the recovered data. 
     
     
         11 . A computing device comprising:
 one or more processors; and   memory storing instructions that, when executed by the one or more processors, cause the computing device to:
 receive, at the computing device and from a remote computing device, a secure token; 
 decode, at the computing device, a first portion of the secure token to recover metadata and error detection data; 
 determine, based on the metadata, a recovered system time; 
 determine, based on a current system time and the recovered system time, whether the secure token is unexpired; 
 decrypt, according to a format-preserving encryption algorithm, based on a user identification, and using a cryptographic key, a second portion of the secure token to generate recovered data; 
 perform, based on the recovered data, an error detection calculation on the recovered data to generate confirmation error detection data; 
 determine, based on comparing the error detection data and the confirmation error detection data, whether the secure token is valid; 
 output, by the computing device, an indication of a result of determining whether the secure token is valid; and 
 output, by the computing device, the recovered data. 
   
     
     
         12 . The computing device of  claim 11 , wherein the current system time is determined using an epoch converter. 
     
     
         13 . The computing device of  claim 11 , wherein the current system time comprises a value indicating an amount of time elapsed from a predetermined prior time. 
     
     
         14 . The computing device of  claim 11 , wherein the instructions, when executed by the one or more processors, cause the computing device to determine whether the secure token is unexpired by comparing the recovered system time to the current system time. 
     
     
         15 . The computing device of  claim 11 , wherein the instructions, when executed by the one or more processors, cause the computing device to:
 derive the cryptographic key, using a key derivation function and based on the recovered system time, a predetermined shared secret associated with the computing device and the remote computing device, a predetermined number of iterations associated with the key derivation function, and the user identification.   
     
     
         16 . The computing device of  claim 11 , wherein the user identification comprises an identifier associated with an intended recipient of data of the secure token. 
     
     
         17 . The computing device of  claim 11 , wherein the instructions, when executed by the one or more processors, cause the computing device to perform the error detection calculation on the recovered data to generate the confirmation error detection data by performing a cyclic redundancy check (CRC) on the recovered data. 
     
     
         18 . One or more non-transitory computer-readable media storing instructions that, when executed by one or more processors, cause the one or more processors to perform steps comprising:
 receive, at a first computing device and from a second computing device, a secure token;   decode, at the first computing device, a first portion of the secure token to recover metadata and error detection data;   determine, based on the metadata, a recovered system time;   determine, based on a current system time and the recovered system time, whether the secure token is unexpired;   decrypt, according to a format-preserving encryption algorithm, based on a user identification, and using a cryptographic key, a second portion of the secure token to generate recovered data;   perform, based on the recovered data, an error detection calculation on the recovered data to generate confirmation error detection data;   determine, based on comparing the error detection data and the confirmation error detection data, whether the secure token is valid;   output, by the first computing device, an indication of a result of determining whether the secure token is valid; and   output, by the first computing device, the recovered data.   
     
     
         19 . The one or more non-transitory computer-readable media of  claim 18 , wherein the instructions, when executed by the one or more processors, cause the first computing device to:
 derive the cryptographic key, using a key derivation function and based on the recovered system time, a predetermined shared secret associated with the first computing device and the second computing device, a predetermined number of iterations associated with the key derivation function, and the user identification.   
     
     
         20 . The one or more non-transitory computer-readable media of  claim 18 , wherein the user identification comprises an identifier associated with an intended recipient of data of the secure token.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.